The U.S. government issued a warning to iOS users Thursday that a vulnerability in the mobile operating system allows hackers to steal sensitive data.

The U.S. Computer Emergency Readiness Team (CERT) posted a statement outlining a technique known as a "Masque Attack," where an attacker can substitute a legitimate app with his or her own malware.

Users of older iOS devices need not worry as much. The iOS Masque Attack technique seems to only affect iOS versions 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta. For those wondering, this means the entire 2013 and 2014 Apple mobile lineups are affected, along with older models that were able to upgrade.

FireEye, Inc., the U.S. security firm that uncovered the Masque Attack, describes the technique as such:

"In July 2014, FireEye mobile security researchers have discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like 'New Flappy Bird') that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier."

In layman's terms, the Masque Attack allows the attacker to access various bits of personal information, including login information, emails and even information from the original app that was replaced.

FireEye states that it was started witnessing Masque Attacks in the wild, indicating that the threat has become a possible concern for the millions of iOS users out there.

The only real solution, until Apple fixes the internal coding, is to simply stay away from any downloads that could potentially mask a Masque Attack. FireEye warns users to stay away from downloading apps outside Apple's official app store, pay attention to any Apple notifications that say "Untrusted App Developer," and not to install apps from a third-party webpage.

iOS 7 users can actually check under Settings > General > Profiles for any suspicious "PROVISIONING PROFILES" that might indicate a Masque Attack. iOS 8 users do not have the same luxury.

FireEye stated it is putting pressure on Apple to revamp its internals to provide more security.

In response to reports, Apple has issued a statement on the matter to iMore, saying:

We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website.

Apple subsequently posted security guidelines detailing the installation of custom enterprise apps.

For more stories like this, follow us on Twitter!